Security Server Installation Guide - Netop...Security Server Installation Guide 29.03.2017 5 5....

SECURITY SERVER INSTALLATION GUIDE

29 March 2017

Security Server Installation Guide

29.03.2017 1

Contents

1. Introduction .................................................................................................................................. 2

1.1 Assumptions ......................................................................................................................... 2

1.2 Prerequisites ........................................................................................................................ 2

2. Required setups prior the Security Server Installation .................................................................. 3

1.1 Create domain admin account user ...................................................................................... 3

1.2 SQL setup ............................................................................................................................ 5

1.2.1 Add the domain account user to the SQL DB .......................................................... 5

1.2.2 Create the NSS DB ................................................................................................. 6

3. Install the Security Server ............................................................................................................. 7

4. Configure the Security Server ..................................................................................................... 12

5. Launch the Security Server module and run the setup wizard .................................................... 20

6. Configure the Host to use Security Server .................................................................................. 27

7. Configure the Security Role Assignment .................................................................................... 33


29.03.2017 2

1. Introduction

The Netop Remote Control Security is a centralized authentication server for Netop Remote Control

Hosts. It can also act as a centralized log server for Netop activity from both the Netop Host and Netop

Guest.

The Security Server consists of two components.. One is simply called the Security Server module and

it is the engine that runs, listens and processes authentication requests from the Host. The second

component is called the Security Manager which is simply a GUI to edit the security roles and role

assignments in the database. The Security Manager will also allow you to view the Netop activity log.

This document walks you thought the installation of Netop Security Server and integration with an SQL

database and the Active Directory, ensuring functionality with Netop components.

This guide does not explain all options within the Security Server. For detailed information on the Netop

Security Server complex functionality, see the Netop Remote Control Administrator’s Guide.

1.1 Assumptions

This guide assumes that you have installed a Netop Guest and a Netop Host on different computers

and you can make a remote control connection between the two.

1.2 Prerequisites

Before you begin you will also need to obtain the Netop Remote Control Security Server MSI and a

valid serial number.


29.03.2017 3

2. Required setups prior the Security Server Installation

1.1 Create domain admin account user

On the Active Directory server create a domain account:

1. Go to Start>Programs>Administrative Tools, and click Active Directory Users and

Computers.

2. In the Active Directory Users and Computers window, expand <domain name>.

3. Right-click Users, point to New, and select User.

4. In the New Object - User dialog box, do the following:

• In the First name and Last name fields, type a first and last name for the account.

• In the User logon name field, type the username that will be used to log on to the Active

Directory domain.

5. Click Next.

6. In the Password field, type a password for the account, and then in the Confirm password

field, type the password again.

7. Select User cannot change password and Password never expires:


29.03.2017 4

8. Click Next, then click Finish. The domain account users will be added to the domain.

Note: To install Security Manager, you must be an administrator or a user with local administrator rights to the server and with access rights to the Windows Server console.

Give the domain account administrative privileges:

1. Right-click the created user account and select Add to a group.

2. In the Select Groups dialog box, search for the group name by entering the name in the Enter the

object name to select field and clicking Check Name.

3. Click OK.

4. If multiple group names are found, select Domain Admins.


29.03.2017 5

5. Click OK. The selected group will be displayed in the Select Groups dialog box:

6. Click OK. The selected domain account was granted administrative privileges.

1.2 SQL setup

1.2.1 Add the domain account user to the SQL DB

1. In SQL Server Management Studio, open Object Explorer and expand the Security folder.

2. Right-click the Logins folder and click New Login....

3. Search for the domain account user and make sure to select Windows authentication.


29.03.2017 6

4. Click OK.

1.2.2 Create the NSS DB

In the Object Explorer, right-click the Databases folder and click New Database... In the New Database

window, type a name for the Netop Security Server database and make the domain account user the

DB owner.

Click OK.


29.03.2017 7

3. Install the Security Server

Prerequisite: On the machine where you will install the Netop Security Server, add the domain admin

user to the Windows Local Administrator list.

1. Log into the Windows Server console using the account with local administrator rights (the one mapped with teh NSS DB on the SQL server).

2. Go to the folder you have saved the Netop Remote Control Security Server MSI and double-click it. The Netop Security Server – Setup will be displayed.


29.03.2017 8

3. Click Next.

4. Accept the Netop End-User License Agreement.

5. Click Next.

6. Enter the username, organization and the Netop Security Server Serial Number (sometimes referred to as the License Key).


29.03.2017 9

7. Click Next.

8. Select the Typical setup type.

Some Netop features might require a restart of the Netop service or the computer.


29.03.2017 10

9. Make sure that the Restart service if needed option is checked.

10. Click Next.

11. Make sure that the Allow Netop Security Server to accept incoming network connections option is checked.

12. Click Next.


29.03.2017 11

13. Optionally, you can choose to Save Installation files for future use (Change or Repair).

14. Click Install.

IMPORTANT: Uncheck the Launch the Netop Security Server Product checkbox.

15. Click Finish.


29.03.2017 12

4. Configure the Security Server

1. From the Windows desktop go to the Start > All Programs > Netop Remote Control and run as administrator the Security Manager. The Netop Security Manager Setup Wizard will be displayed.

2. In the Logon to Database dialog box, make sure that the Create local test database option is not selected and click Change.

The Select Data Source dialog box will be displayed.

3. Select the Machine Data Source tab.

4. Click New.


29.03.2017 13

5. In the Create New Data Source dialog box, select System Data Source (Apply to this

machien only).

6. Click Next.

7. Select SQL Server as driver for which you weant to set up a data source.

8. Click Next, then click Finish. The Create a New Data Source to SQL Server wizard will be

dispalyed.

9. Type a name for the data source and from the Server drop-down list select the MS SQL server

you will connect to:


29.03.2017 14

10. Click Next. Make sure that the following options are selected:

• With Windows NT authentication using the network login ID

• Connect to SQL Server to obtain default settings for the additional configuration options.


29.03.2017 15

11. Click Next.

12. Select Change the default database to <the Netop Security Server DB, as defined in the SQL Server>:

13. Click Next, then click Finish. The ODBC Microsoft SQL Server Setup dialog box will be

displayed:

14. Test the data source. If successful, click OK.


29.03.2017 16

15. Click OK three times to reach the Logon to Database dialog box.

16. Enter the password and click Logon.


29.03.2017 17

17. In the Netop Security Server – Security Server Public Key dialog box, click to Generate New Public Key.

18. Click Generate New Public Key.

19. Select the public key generated then click Copy to clipboard.

20. Click Next twice. 21. In the Group Name (Private) field enter your domain and re-enter it in the Confirm Group

Name field.

22. Click Next. The Security Server list will be displayed. The name of your Security Server will appear in the server field.


29.03.2017 18

23. Click Add to add your Security Server to the database, then click Next.

24. Select Guests enter Directory Services username and password.

25. Click Next and select Always the Workstation.


29.03.2017 19

26. Click Next, then close Netop Security Manager.

Open a txt file and paste the Security Server Public Key you have previously saved to clipboard.


29.03.2017 20

5. Launch the Security Server module and run the setup wizard

1. From the Windows desktop go to the Start menu and select All Programs > Netop Remote

Control > Security Server.

It is required that you select to Run Host as specific user by checking the Enable box.

2. Enter Windows credentials that have been added to the Local Administrators Group on this server.

3. Click OK. The Netop Security Server Setup Wizard will be displayed.

4. Click Next.


29.03.2017 21

5. Make sure that the Default option is selected.

6. Click Next.

7. Make sure that the option to Start with Windows is selected.

8. Click Next.

9. Enter a secure password that can be used later to remote control the Security Server from your Netop Guest. Make sure to confirm the password.


29.03.2017 22

10. Click Next.

11. Make sure that you choose not to configure WebConnect by selecting No.

12. Click Next.

13. Select the No, I do not want to register my Netop License now option.


29.03.2017 23

14. Click Next.

15. Click Finish.

16. The Netop Security Server is now running. The Netop Security icon appears in the system tray.


29.03.2017 24

17. Right click on the icon and select Restore.

18. Go to the Tools menu and select Security Server Setup. The database setup will be displayed.


29.03.2017 25

19. In the upper-right corner of the page, click the ellipsis button. The Select Data Source page will be displayed from where you will select the desired database.

20. Click the Machine Data Source tab, select the NetOp_Security_Evaluation data source name and click OK.

21. No need to enter credentials; just click OK.


29.03.2017 26

22. Click the Logon button.

23. Wait until you see the Information Status: “Security Server running.”

24. Click OK.

25. Restart the Netop Security Server.


29.03.2017 27

6. Configure the Host to use Security Server

1. Open GUI of the Host you want to use with Security Server.

2. Make a note of the Host ID as it is displayed in the General tab. You might want to use this ID later when making role assignments in the Security Manager.

3. On the main menu click Tools and select the Communication Profiles option. The Communication Profile Setup will be displayed.


29.03.2017 28

4. Make sure that the TCP/IP communication profile is selected. Click on it then click the Edit button.

5. Click the IP Broadcast list… button.

6. Click the Add button.


29.03.2017 29

7. Enter your Security Server’s DNS name or IP address and click OK.

8. Optionally, you might unselect to Disable local subnet broadcast.

9. Click OK twice then click Close. You will be prompted to restart the Host.

10. Click OK.

11. On the main menu, click Actions and select Restart.

12. Once the Host’s status returns to running on the main menu click Tools and select the Log Setup option.


29.03.2017 30

13. Select the Log on Netop Server option.

14. Click the Netop Server tab.

15. Click the Select All button to enable logging of all Netop events.

16. Click the Browse… button.You will be prompted to wait until the Log Servers list will be displayed. Your Netop Security Server will be shown in the list.


29.03.2017 31

17. Select the server name from the list and click the Select button.

18. Click OK. The Netop Host is checking if the log server is available.

19. On the main menu click Tools and select the Guest Access Security option.


29.03.2017 32

20. From the Guest Access Method drop-down list select the Use Netop Security Server option.

21. Copy and paste the Public Key from the Public Key text file that you made while setting up the Netop Security Manager.

22. Click OK.


29.03.2017 33

7. Configure the Security Role Assignment

1. Return to the Netop Security Server computer and open the Netop Security Manager.

2. On the left tree collapse Netop Definitions and select Guest IDs.


29.03.2017 34

3. Right-click on the right side of the window and select New.

4. In the first field type a new Guest ID.


29.03.2017 35

5. In the Password area, enter a password and confirm it and make sure to deselect the Change at next logon option.

6. Click OK.

7. On the left tree, collapse Security Settings and select Role Assignments.


29.03.2017 36

8. Right-click on the right side of the window and select New.

9. In the Select Guest Type dialog box select Guest ID and click Next.


29.03.2017 37

10. The Guest ID you created earlier is selected by default. Click Next.

11. Select the Host ID Group option and click Next.


29.03.2017 38

12. The UNREGISTERED HOSTS group is selected by default. Click Next.

13. The Full Control security role is selected by default. Click Finish.

You have now completed your first role assignment for testing.

If you have configured everything correctly will now be able to connect from your Netop Guest to the

Netop Host using Security Server authentication and Security Server logging.

Security Server Installation Guide - Netop...Security Server Installation Guide 29.03.2017 5 5....

Documents

Transcript of Security Server Installation Guide - Netop...Security Server Installation Guide 29.03.2017 5 5....